Reading data from a European DTCO card

I need to be able to read the card and company identification data from the company's European cards with a tachograph (smart cards). They are described in REGULATION OF THE COMMISSION (EC) No. 1360/2002, but I have a problem. The data that I need to read is contained in the EF Identification file, which must be read using secure messaging, so I need to issue the Manage Safe APDU Environment command, which requires a key identifier that identifies the key located on the card.

I do not know where to find these key identifiers or the data that creates them (described in the appendix to the document). I am waiting for feedback from our partners in Europe, but I thought that I would try to contact here in the hope that someone would do it and be able to offer some advice.

The key identifier consists of the serial number of the equipment, date, manufacturer code and specific manufacturer. This indicates a problem, because I need to have access to data from any company card, regardless of manufacturer, issuer or owner. Not sure how I can get the data to create the key.

I understand that this is rather specialized information, but it has stalled for a week, so I am trying rather desperately to find a solution to continue.

2 answers

I believe that you first need to get a certificate from a CA country. Then you can execute the following algorithm (simplified from Appendix 11, section 4):

  • Select and read a card certificate (EF_CERTIFICATE)
  • Run the Security Management command to select the Root CA public key
  • Issue a certificate of confirmation to a CA country certificate
  • Run the Security Management command to select the country's public key CA
  • Issue certificate with certificate
  • Run the Security Management command to select your public key.
  • Issue an internal authentication command. Check the answer.
  • Issue the command "Get Call"
  • Issue an external authentication command
  • Calculate Session Key
  • Select file EF_IDENTIFICATION
  • Run the Read Binary Files command using secure messaging (you need a session key to calculate the checksum and decrypt the result).

I do not know the standard, but I would assume that you read the EF Card_Certificate, restored the contents of the certificate and extracted the key identifier from it.

Assuming you have a root certificate (published here: http://dtc.jrc.it/erca_of_doc/EC_PK.zip), you need to:

  • Read EF CA_Certificate
  • Follow the algorithm in Appendix 11, section 3.3.3.
  • Extract CA public key from certificate content
  • Read EF Card_Certificate
  • Follow the algorithm in Appendix 11, section 3.3.3.
  • The key identifier should now be byte 20-27 from the restored contents of the certificate.
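The certificate unwrapping that the second answer points to (Appendix 11, section 3.3.3), sketched as an added example that is not part of either answer. It assumes the 194-byte layout Sign (128) || Cn' (58) || CAR' (8), RSA message recovery with '6A' / 'BC' framing and SHA-1, and the content order CPI, CAR, CHA, EOV, CHR; the CA key and certificate are constructed in the script and all function names are illustrative.

```python
import hashlib, random

E = 65537  # public exponent of the constructed test CA key (assumption)

def is_probable_prime(n, rng, rounds=24):
    # Miller-Rabin on an odd n; used only to build the constructed test key
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(rng):
    while True:  # 512-bit odd candidate with the top two bits set
        p = rng.getrandbits(512) | (3 << 510) | 1
        if (p - 1) % E and is_probable_prime(p, rng):
            return p

def make_constructed_cert(seed=1360):
    # Constructed sample: CPI, CAR, CHA+EOV (zeros), CHR = 01..08, zeroed key field
    rng = random.Random(seed)
    p, q = gen_prime(rng), gen_prime(rng)
    n, d = p * q, pow(E, -1, (p - 1) * (q - 1))
    content = b"\x01" + b"\xaa" * 8 + bytes(11) + bytes(range(1, 9)) + bytes(136)
    sr = b"\x6a" + content[:106] + hashlib.sha1(content).digest() + b"\xbc"
    sign = pow(int.from_bytes(sr, "big"), d, n).to_bytes(128, "big")
    return sign + content[106:] + content[1:9], n

def unwrap_certificate(cert, ca_n, ca_e=E):
    # Open Sign with the CA public key, rebuild the content, check the hash
    sign, cn, car = cert[:128], cert[128:186], cert[186:]
    sr = pow(int.from_bytes(sign, "big"), ca_e, ca_n).to_bytes(128, "big")
    if len(cert) != 194 or sr[0] != 0x6A or sr[-1] != 0xBC:
        raise ValueError("not a certificate signed by this CA key")
    content = sr[1:107] + cn  # recovered part Cr' followed by plain Cn'
    if hashlib.sha1(content).digest() != sr[107:127] or content[1:9] != car:
        raise ValueError("certificate content does not match its signature")
    return content

def key_identifier(content):
    return content[20:28]  # bytes 20-27 of the restored content
```

With real cards, `ca_n` and `ca_e` come from the unwrapped EF CA_Certificate, whose own signature is opened with the published root key.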
